Did someone find the NSA's backdoor?
this post was submitted on 09 Aug 2024
30 points (96.9% liked)
technology
23295 readers
212 users here now
On the road to fully automated luxury gay space communism.
Spreading Linux propaganda since 2020
- Ways to run Microsoft/Adobe and more on Linux
- The Ultimate FOSS Guide For Android
- Great libre software on Windows
- Hey you, the lib still using Chrome. Read this post!
Rules:
- 1. Obviously abide by the sitewide code of conduct. Bigotry will be met with an immediate ban
- 2. This community is about technology. Offtopic is permitted as long as it is kept in the comment sections
- 3. Although this is not /c/libre, FOSS related posting is tolerated, and even welcome in the case of effort posts
- 4. We believe technology should be liberating. As such, avoid promoting proprietary and/or bourgeois technology
- 5. Explanatory posts to correct the potential mistakes a comrade made in a post of their own are allowed, as long as they remain respectful
- 6. No crypto (Bitcoin, NFT, etc.) speculation, unless it is purely informative and not too cringe
- 7. Absolutely no tech bro shit. If you have a good opinion of Silicon Valley billionaires please manifest yourself so we can ban you.
founded 4 years ago
MODERATORS
I feel like 99% of these existential vulnerabilities can only be utilized by state actors until some NSA bozo leaks it because he got demoted for stalking his ex girlfriend
I love technology!
well why'd you tell everyone, now somebody is going to try to exploit it!
It's normal white-hat practice. White hat hacker ethics require you to contact the company and give them lots of chances to fix it.
But if they refuse to fix it or inform people of the vulnerability you broad-band it to the world because it's the only way to force the company's hand.
It sounds like you basically need to have root access to the computer to take advantage of this. Like if someone can use this your system is already totally pwned. But, like, if a spy or something gets access to a machine they could load this and then it'd be in the system with no way to find it or dig it out.
Hmm, So, with root access one can place arbitrary code in the firmware of the CPU, which can be accessed by the OS and ran. I wonder what if an infected computer has a root hack patched? Would it still be possible access the code in user space? Or is this effectively neutralized until the computer is reinfected by the attacker with something that gives root access.
It's funny how often I read FUD articles in the news that basically sum up to be "hackers can spy on you if they have physical access to your computer". This is actually a big one and I hope it gets effectively patched ASAP. Especially for embedded devices.